diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-10-03 19:58:25 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-10-03 19:58:25 -0400 |
| commit | bbffd0a0187334c3ce80b446b08b6ea195da5063 (patch) | |
| tree | 661785505e37b2f91ecedfc0df332e0957164ad6 /src | |
| parent | b448ec195dd8687d2d5f363e12fec046eb2d1677 (diff) | |
| parent | d315b8e8bc712f881fcc70624cb135a8e3855f63 (diff) | |
| download | tor-bbffd0a0187334c3ce80b446b08b6ea195da5063.tar.gz tor-bbffd0a0187334c3ce80b446b08b6ea195da5063.zip | |
Merge remote-tracking branch 'origin/maint-0.2.5'
Diffstat (limited to 'src')
| -rw-r--r-- | src/common/tortls.c | 48 |
1 files changed, 38 insertions, 10 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index eda10bbe2e..f4a07f0b93 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1463,6 +1463,43 @@ static uint16_t v2_cipher_list[] = { /** Have we removed the unrecognized ciphers from v2_cipher_list yet? */ static int v2_cipher_list_pruned = 0; +/** Return 0 if <b>m</b> does not support the cipher with ID <b>cipher</b>; + * return 1 if it does support it, or if we have no way to tell. */ +static int +find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher) +{ + const SSL_CIPHER *c; +#ifdef HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR + if (m && m->get_cipher_by_char) { + unsigned char cipherid[3]; + set_uint16(cipherid, htons(cipher)); + cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting + * with a two-byte 'cipherid', it may look for a v2 + * cipher with the appropriate 3 bytes. */ + c = m->get_cipher_by_char(cipherid); + if (c) + tor_assert((c->id & 0xffff) == cipher); + return c != NULL; + } else +#endif + if (m && m->get_cipher && m->num_ciphers) { + /* It would seem that some of the "let's-clean-up-openssl" forks have + * removed the get_cipher_by_char function. Okay, so now you get a + * quadratic search. + */ + int i; + for (i = 0; i < m->num_ciphers(); ++i) { + c = m->get_cipher(i); + if (c && (c->id & 0xffff) == cipher) { + return 1; + } + } + return 0; + } else { + return 1; /* No way to search */ + } +} + /** Remove from v2_cipher_list every cipher that we don't support, so that * comparing v2_cipher_list to a client's cipher list will give a sensible * result. */ @@ -1474,16 +1511,7 @@ prune_v2_cipher_list(void) inp = outp = v2_cipher_list; while (*inp) { - unsigned char cipherid[3]; - const SSL_CIPHER *cipher; - /* Is there no better way to do this? */ - set_uint16(cipherid, htons(*inp)); - cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting - * with a two-byte 'cipherid', it may look for a v2 - * cipher with the appropriate 3 bytes. */ - cipher = m->get_cipher_by_char(cipherid); - if (cipher) { - tor_assert((cipher->id & 0xffff) == *inp); + if (find_cipher_by_id(m, *inp)) { *outp++ = *inp++; } else { inp++; |